Information Security Manager in Denver, Colorado

Description

Information Security Manager

AArete is one-of-a-kind when it comes to consulting firm culture.

We’re a global, innovative management and technology consulting firm,
with offices in the U.S., India, and the U.K. Our name comes from the
Greek word for excellence: “Arete.” And excellence is exactly what we
strive fo

Our success starts with enriching and empowering our people. From robust
career development planning to competitive life and wellness benefits,
AArete’s “Culture of Care” takes a holistic approach to the employee
experience

AAretians (our team members) are leaders at every level. You are
encouraged to unlock your full potential by directly contributing to our
mission and prioritizing space for personal development and fulfillment.

The Role

AArete is looking for an Information Security Manager to own and manage our
security program.This role involves managing security operations, identity
and access management, disaster recovery, and incident response. This role
will also ensure compliance with frameworks like HITRUST, ISO, and SOC2,
and align security strategies with business goals. The ideal candidate will
drive security improvements, monitor compliance, and work with senior
management to evaluate risk and ensure organizational security goals are met.
Hands-on experience with AWS is essential.

Work You’ll Do

Communicate the value of information technology (IT) security throughout
all levels of the organization stakeholders
Provide leadership and direction to information technology (IT) personnel
by ensuringthat cybersecurity awareness, basics, literacy, and training
are provided to operations personnel commensurate with their responsibilities
Promote awareness of security issues among management and ensure sound
security principles are reflected in the organization’s vision and goals
Run day to day tasks that cater to the Security Program & Operations
Identify security requirements specific to an information technology (IT)
system in all phases of the system life cycle
Oversee policy standards and implementation strategies to ensure procedures
and guidelines comply with cybersecurity best practices
Support necessary compliance activities (e.g., ensure that system security
configuration guidelines are followed, compliance monitoring occurs)
against HITRUST, ISO, SOC2, etc. frameworks
Collect and maintain data needed to meet system cybersecurity reporting
Ensure that security improvement actions are evaluated, validated, and
implemented as required
Manage threat or target analysis of cyber defense information and production
of threat information within the enterprise
Oversee the information security training and awareness program
Participate in an information security risk assessment during the Security
Assessment and Authorization process
Prepare, distribute, and maintain plans, instructions, guidance, and
standard operating procedures concerning the security of network system(s)
oper
Recognize a possible security violation and take appropriate action to report
the incident, as required
Recommend resource allocations required to securely operate and maintain an
organization’s cybersecurity requirements
Recommend policy and coordinate review and approval
Use organization-specific published documents to manage operations of the
computing environment system(s)
Evaluate the effectiveness of procurement function in addressing information
security requirements and supply chain risks through procurement activities
and recommend improvements
Assure successful implementation and functionality of security requirements
and appropriate information technology (IT) policies and procedures that
are consistent with the organization’s mission and goals
Evaluate risk levels and security posture and advise senior management
Supervise or manage protective or corrective measures when a cybersecurity
incident or vulnerability is discovered
Trac audit findings and recommendations to ensure that appropriatemitigation
actions are taken
Participate in Risk Governance process to provide security risks,
mitigations, and input on other technical risk
Ensure that plans of actions and milestones or remediation plans are in place
for vulnerabilities identified during risk assessments, audits,
inspections, etc.
Other duties as assigned

Requirements

Bachelor’s Degree in information security, computer science,
cybersecurity preferred
Minimum 6 years of experience in Information Technology Security
Experience leading projects and/or teams
Minimum 2 years of experience with Amazon Web Services (AWS)
Ability to clearly explain complex security requirements to technical and
non-technical audiences
Willingness to engage in direct client interaction, including travel to
client locations
Willing to be a hands-on engineer as required
Must be legally authorized to work in the United States without the need for
employer sponsorship

Preferred Requirements